Open-Xchange Security Advisory 2021-06-21
Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences
Vulnerability Details:
On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.
Risk:
Attacker can potentially steal user credentials and mails. The attacker needs to have sending permissions on the submission server (a valid username and password).
Workaround:
None.
Solution:
Operators should update to 2.3.14.1 or later version.